Google: Quantum threat to Bitcoin rises via Taproot risk

• Google's Quantum AI team reports that breaking Bitcoin's security may require fewer than 500,000 physical qubits, significantly lower than previous estimates of several million.
• The Taproot upgrade is identified as a factor that increases vulnerability by making public keys visible on the blockchain by default.
• Approximately 6.9 million bitcoin, or one-third of the total supply, are currently stored in wallets that could be susceptible to quantum attacks.

Revised Quantum Threat Estimates

Recent research from Google suggests that the timeline for quantum computers to pose a threat to blockchain encryption may be shorter than the industry anticipated. While previous estimates suggested that millions of physical qubits would be necessary to crack the cryptographic security of Bitcoin and Ethereum, the new findings indicate that fewer than 500,000 physical qubits could be sufficient. Furthermore, specific attack methods developed by the team might require only 1,200 to 1,450 high-quality qubits.

This discovery is particularly significant given Google’s previous projections that functional quantum systems could reach a milestone by 2029. The reduced hardware requirements imply that the window for migrating to quantum-resistant cryptography is narrower than investors and developers previously believed.

Vulnerabilities in Taproot and Real-Time Attacks

The study highlights a secondary risk introduced by Taproot, a 2021 Bitcoin upgrade designed to enhance privacy and efficiency. By making public keys visible on the blockchain by default, Taproot inadvertently removed a protective layer found in older address formats. This exposure makes it easier for a quantum attacker to identify the necessary data to calculate a private key.

Rather than targeting inactive wallets, researchers described a method for attacking transactions in real time:

• When a user broadcasts a transaction, their public key is briefly revealed.
• A quantum computer could potentially calculate the private key in roughly nine minutes.
• Since Bitcoin transactions usually take 10 minutes to confirm, an attacker has a 41% chance of successfully redirecting funds before the original transfer is finalized.

Scope of At-Risk Assets

The research estimates that 6.9 million bitcoin are currently held in wallets where the public key has been exposed, either through Taproot usage, address reuse, or older network protocols. This figure stands in stark contrast to other industry reports that suggested only a small fraction of the supply was at risk. While Ethereum is deemed slightly safer due to its faster transaction confirmation times, the overall findings suggest a systemic risk across major digital assets.

To share these findings responsibly, Google utilized zero-knowledge proofs to verify the accuracy of their attack models without disclosing the specific step-by-step methods, aiming to alert the crypto community while preventing immediate misuse of the research.